Drupal 7 permission based configuration

Posted by Alan D. on June 18, 2011 at 5:08am

1 follower

Issue Summary

Massive restructuring to convert the configuration settings to permissions and merge in Search Restrict. Categories are not covered, but other features are (to the best of my knowledge).

Comments

#1

Posted by Alan D. on June 18, 2011 at 5:16am

The code:

search_config.info

name = Search Configuration
description = Modify search functionality by role, including enforing restrictions by content type.
package = Search
core = 7.x
dependencies[] = search

search_config.module

<?php
/**
 * @file
 * Main functionality for the Search Configuration module.
 */

/**
 * Implements hook_permission().
 */
function search_config_permission() {
  // General interface restrictions.
  $permissions = array(
    'search content by keyword' => array(
      'title' => t('Search content by keyword'),
      'description' => t('This toogles the basic search forms.'),
    ),
    'search content by category' => array(
      'title' => t('Search content by category'),
       'description' => t('This toogles the advanced search forms category field.'),
    ),
    'search content by node type' => array(
      'title' => t('Search content by type'),
      'description' => t('This toogles the advanced search forms node type field.'),
    ),
    'search content by containing any' => array(
      'title' => t('Search content by "containing any" keywords'),
      'description' => t('This toogles the advanced search forms "containing any of the words" field.'),
    ),
    'search content by containing the phrase' => array(
      'title' => t('Search content by "containing the phrase" keywords'),
      'description' => t('This toogles the advanced search forms "containing the phrase" field.'),
    ),
    'search content by containing none' => array(
      'title' => t('Search content by "containing none" keywords'),
      'description' => t('This toogles the advanced search forms "containing none of the words" field.'),
    ),
  );

  // Content type restrictions.
  $permissions['search all content'] = array(
    'title' => t('Search all content'),
    'description' => t('Allow users to search content from any content type.'),
  );

  foreach (search_config_allowed_content_types() as $type => $label) {
    $permissions["search $type content"] = array(
      'title' => t('%type_name: Search content of this type', array('%type_name' => $label)),
    );
  }

  return $permissions;
}

/**
 * Implementation of hook_db_rewrite_sql().
 */
function search_config_query_node_access_alter(QueryAlterableInterface $query) {
   global $user;
   if ($user->uid == 1) {
     return;
   }
  $search = FALSE;
  $node = FALSE;
  foreach ($query->getTables() as $alias => $table) {
    if ($table['table'] == 'search_index') {
      $search = $alias;
    }
    elseif ($table['table'] == 'node') {
      $node = $alias;
    }
  }

  if ($node && $search) {
    if (user_access('search all content')) {
      return;
    }

    $excluded_content_types = array();
    foreach (search_config_allowed_content_types() as $type => $label) {
      if (!user_access("search $type content")) {
        $excluded_content_types[] = $type;
      }
    }

    if (!empty($excluded_content_types)) {
      $query->condition($node . '.type', array($excluded_content_types), 'NOT IN');
    }
  }
}

/**
 * Implementation of hook_form_alter().
 */
function search_config_form_alter(&$form, $form_state, $form_id) {
  switch ($form_id) {
    case 'search_form':
      // See if this is the node search form.
      if (isset($form['module']['#value']) && $form['module']['#value'] == 'node') {
        $form['basic']['#access'] = user_access('search content by keyword');
        $form['#after_build'][] = '_search_config_advanced_form';
      }
      break;
  }
}

/**
 * Remove restricted content types from the advanced search form. We use
 * after_build due to the method the node module uses to add the advanced
 * search options.
 */
function _search_config_advanced_form($form_element, &$form_state) {
  global $user;

  if ($user->uid == 1) {
    return $form_element;
  }

  if (isset($form_element['advanced'])) {
    if (isset($form_element['advanced']['keywords'])) {
      $keywords = &$form_element['advanced']['keywords'];

      $any = user_access('search content by containing any');
      $phrase = user_access('search content by containing the phrase');
      $none = user_access('search content by containing none');

      $keywords['phrase']['#access'] = $phrase;
      $keywords['or']['#access'] = $any;
      $keywords['negative']['#access'] = $none;

      [##### edit: removing breaks the formatting of the form - opinions? #####]
      // Special use case - all disabled.
      if (!($any || $phrase || $none) && count(element_children($keywords)) == 3) {
        $form_element['advanced']['keywords']['#access'] = FALSE;
      }
    }

    [##### edit: removing breaks the formatting of the form - opinions? #####]
    if (isset($form_element['advanced']['type'])) {
      $type = &$form_element['advanced']['type'];
      $type['#access'] = user_access('search content by node type');

      if (user_access('search all content')) {
      }
      else {
        $allowed_types = search_config_allowed_content_types();
        // Do not show if less than two types.
        if (count($allowed_types) <= 1) {
          $type['#access'] = FALSE;
        }
        else {
          foreach (element_children($type) as $key) {
            if (!array_key_exists($key, $allowed_types)) {
              unset($type[$key]);
              unset($type['#options'][$key]);
            }
          }
        }
      }
    }
  }

  // TODO - Categories

  return $form_element;
}

function search_config_allowed_content_types() {
  return array_map('check_plain', node_type_get_names());
}
?>

search_config.install

<?php
/**
 * @file
 * Install, update and uninstall functions for the Search Configuration module.
 */

/**
 * Implements hook_install().
 */
function search_config_install() {
  // Set a low weight so the module is called before node module.
  db_query("UPDATE {system} SET weight = -10 WHERE name = 'search_config'");
  // Set the default permissions.
  search_config_default_authenticated_roles();
}

/**
 * Helper function to set the default role permissions.
 *
 * This uses the system values to grant all users access to the keyword search
 * and to search all types.
 */
function search_config_default_authenticated_roles() {
  $insert = db_insert('role_permission')->fields(array('rid', 'permission'));
  foreach (array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID) as $rid) {
    foreach (array(
      'search content by keyword',
      'search all content',
      // Enable, overridden by use advanced search permission
      'search content by node type',
      'search content by category',
      'search content by containing any',
      'search content by containing the phrase',
      'search content by containing none',
    ) as $permission) {
      if (!_search_config_has_permission($rid, $permission)) {
        $insert->values(array(
          'rid' => $rid,
          'permission' => $permission,
        ));
      }
    }
  }

  $insert->execute();
}

function _search_config_has_permission($rid, $permission) {
  return db_select('role_permission', 'p')
            ->fields('p', array('rid'))
            ->condition('rid', $rid)
            ->condition('permission', $permission)
            ->execute()
            ->fetchField();
}
?>

Love any feedback.

#2

Posted by Alan D. on June 22, 2011 at 10:28am

Title:	Drupal 7 / Merge Search Restrict & Search Config / Co-maintain / Permission based configuration	» Drupal 7 permission based configuration
Status:	active	» closed (fixed)

This proved very ugly at the configuration side of things.

Project:	Search configuration
Version:	7.x-1.x-dev
Component:	Code
Category:	task
Priority:	normal
Assigned:	Unassigned
Status:	closed (fixed)